After migrating your Enterprise Console to a new server, all managed endpoints fail to report into the new Enterprise Console. On the Enterprise Console server you will see an error similar to this in the Agent log.

This happens when the certificates from the old server are either imported incorrectly or not imported at all.

What To Do

A number of different scenarios can cause the same symptoms; each is detailed below. This guide assumes you know how to uninstall applications and how to use the registry.

Certificates Not Imported

If the certificates were not imported during the migration process, the client devices will fail authentication when communicating with the Enterprise Console server.

On the new server, uninstall the components below if they exist:

Sophos Management Server

Sophos Update Manager

Sophos Remote Management System

On the old server, back up the certificates found in the registry using one of the paths below:

32-bit OS: HKLM\SOFTWARE\Sophos\Certification Manager

64-bit OS: HKLM\SOFTWARE\Wow6432node\Sophos\Certification Manager

If moving between a 32-bit and 64-bit platform, follow the section titled 'Certificates Not Updated For Your Platform'.

On the new server, import the certificates into the registry.

Reinstall the Enterprise Console and the problem should be solved.

Certificates Imported After Installation

The order in which the certificates are imported is very important. If they are imported too late in the migration procedure, new certificates will already have been issued and assigned to various components on the server.

On the new server, uninstall the components below if they exist:

Sophos Management Server

Sophos Update Manager

Sophos Remote Management System

If moving between a 32-bit and 64-bit platform, follow the section titled 'Certificates Not Updated For Your Platform'.

On the new server, import the certificates into the registry.

Reinstall the Enterprise Console and the problem should be solved.

Certificates Not Updated For Your Platform

When moving from a 32-bit to a 64-bit platform, you need to update the registry entries to reflect Microsoft's new registry path used by 64-bit operating systems.

On the new server, uninstall the components below if they exist:

Sophos Management Server

Sophos Update Manager

Sophos Remote Management System

On the old server, back up the certificates found in the registry using one of the paths below:

32-bit OS: HKLM\SOFTWARE\Sophos\Certification Manager

64-bit OS: HKLM\SOFTWARE\Wow6432node\Sophos\Certification Manager

Open the backed-up registry key in Notepad.

Select Edit | Replace.

Complete the fields:

Find: \SOFTWARE\Sophos\

Replace: \SOFTWARE\Wow6432Node\Sophos\

Click Replace all

Using the same procedure also replace the strings below:

Find: C:\\Program Files\\Sophos\\Enterprise Console\\SUMInstaller and in
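The \SOFTWARE\Sophos\ to \SOFTWARE\Wow6432Node\Sophos\ replacement described in this section can also be scripted. The PowerShell below is an added example, not part of the original article or of Sophos tooling; the function name, the file names old.reg and new.reg, and the sample values are assumptions constructed for illustration. It covers only that first replacement, because the second set of strings is cut off on this page.

```powershell
# Added example. Convert-SophosRegPath, old.reg and new.reg are hypothetical names.
function Convert-SophosRegPath {
    param([string[]]$Line)
    # Same Find/Replace strings as in the article; -replace is case-insensitive,
    # like Notepad's Replace with "Match case" unticked.
    $pattern = [regex]::Escape('\SOFTWARE\Sophos\')
    $new     = '\SOFTWARE\Wow6432Node\Sophos\'
    foreach ($l in $Line) {
        # In a .reg export only key headers ([HKEY_...]) contain single
        # backslashes; string value data escapes them as \\ and is left alone.
        # A header that already contains Wow6432Node does not match the Find
        # string, so running the conversion twice is harmless.
        if ($l.StartsWith('[')) { $l -replace $pattern, $new } else { $l }
    }
}

# Constructed sample of an exported key (value names and data are made up).
$sample = @'
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Certification Manager]
"ExampleValue"="constructed"

[HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Certification Manager\ExampleSubkey]
"ExamplePath"="C:\\constructed\\path"
'@ -split '\r?\n'

$converted = @(Convert-SophosRegPath -Line $sample)

# Count the lines that changed so the result can be checked before importing.
$changed = 0
for ($i = 0; $i -lt $sample.Count; $i++) {
    if ($sample[$i] -cne $converted[$i]) { $changed++ }
}
'{0} key header(s) rewritten' -f $changed
$converted

# Applying it to a real export from the 32-bit server:
#   reg export "HKLM\SOFTWARE\Sophos\Certification Manager" old.reg /y
#   Convert-SophosRegPath -Line (Get-Content old.reg) |
#       Set-Content new.reg -Encoding Unicode
# Registry exports are UTF-16 LE; -Encoding Unicode keeps that encoding.
```

Review new.reg before importing it on the new server, and keep old.reg unchanged as the backup.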